Security Audit
AWS Penetration Testing
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
AWS Penetration Testing received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 12 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Skill contains extensive command injection instructions", and "Skill details credential harvesting techniques".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 9f5351e8). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:89 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:92 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:95 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:111 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:115 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:126 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:338 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:367 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/aws-penetration-testing/SKILL.md:371 |
| CRITICAL | Skill contains extensive command injection instructions. The skill provides numerous explicit shell commands and Python code snippets designed for AWS penetration testing, including creating access keys, updating Lambda functions, executing commands on EC2 instances via SSM, and mounting file systems. If the host LLM is prompted to 'perform' these actions or guide a user to execute them, it could lead to arbitrary command execution in the environment where the commands are run, potentially compromising AWS resources or the local system. Skills designed for penetration testing or offensive security operations should be carefully reviewed. If direct execution is possible, such skills must be isolated in highly restricted environments or only allowed to provide informational guidance without execution capabilities. Implement strict sandboxing and explicit user confirmation for any command execution. | LLM | SKILL.md:109 |
| CRITICAL | Skill details credential harvesting techniques. The skill explicitly outlines methods to extract AWS credentials, including temporary credentials from EC2 metadata endpoints (IMDSv1/v2), Fargate container credentials, and using tools like `aws_consoler` to convert API keys to console access. It also shows how to pass access and secret keys directly as command-line arguments. If the LLM is prompted to apply these techniques, it could lead to the compromise and exfiltration of sensitive AWS credentials. Prevent the LLM from executing or directly guiding users through credential harvesting techniques. Implement strict data loss prevention (DLP) measures to detect and block attempts to extract or display sensitive credentials. Ensure any interaction with AWS APIs is done through secure, least-privilege mechanisms. | LLM | SKILL.md:70 |
| CRITICAL | Skill facilitates actions requiring excessive permissions. The entire purpose of this skill is to describe and provide commands for AWS penetration testing, which inherently involves exploiting or performing actions that require highly privileged AWS permissions. Techniques include IAM privilege escalation (e.g., attaching AdministratorAccess policies, creating access keys for other users), injecting code into Lambda functions, and executing commands on EC2 instances. If an LLM is allowed to execute these actions, it would be performing operations far beyond typical operational needs, leading to severe security breaches. Skills with offensive security content should never be granted direct execution privileges in production environments. If used for educational or testing purposes, they must operate within strictly isolated and ephemeral sandboxes with no access to real-world resources. Implement a robust permission model for LLM agents based on the principle of least privilege. | LLM | SKILL.md:114 |
| HIGH | Skill provides instructions for data exfiltration. The skill includes commands and techniques specifically designed to exfiltrate data from AWS resources. Examples include `aws s3 sync` to download entire S3 buckets, and instructions for mounting EBS volumes to access 'stolen' data, and extracting `NTDS.dit` and `SYSTEM` files for credential dumping. If executed, these commands could lead to unauthorized data theft. Restrict the LLM's ability to execute file system operations or network requests that could facilitate data exfiltration. Implement strict access controls and monitoring for any data transfer activities initiated by the LLM or guided by its instructions. | LLM | SKILL.md:149 |
| MEDIUM | Skill recommends external tools with supply chain risks. The skill instructs users to install various tools via `git clone` and `pip install` from external GitHub repositories and PyPI. While these are common practices in penetration testing, they introduce supply chain risks. If any of these external repositories or packages were compromised, installing them could lead to the execution of malicious code on the user's system. The LLM could also be prompted to install these without proper vetting. When recommending external tools, advise users to verify the integrity and authenticity of the sources (e.g., checking GPG signatures, auditing code). For automated environments, consider using trusted, pre-vetted container images or package repositories. Implement strict dependency management and vulnerability scanning for all third-party components. | LLM | SKILL.md:40 |